Recent Articles

Win Hacker Training Worth $6000

We’re sure you’ve heard that our friends at Parameter Security have put together a great speaker lineup for ShowMeCon 2014 in St. Louis from May 5 – 6 that includes Dave Chronister, Adrian “IronGeek” Crenshaw, Wayne Burke, Jayson E. Street, John Matherly, Kevin Cardwell, Aamir Lakhani, Benoxa, Robert Reed, and Paul Coggin with keynotes by Evan “treefort” Booth, Andy Ellis, Ralph Echemendia and Raphael Mudge. These experts will tackle a variety of specialized topics such as hacking mobile devices, cloud computing, leveraging mobile devices in pen tests, cryptanalysis, how the most protected systems can be breached, defending your systems, forensics and more at this cutting-edge, two day con. ShowMeCon 2014 also features a CtF event. But in addition to being a quality con, they are also hosting training courses to be held just before the event with coverage of Network Defense, CISSP, Forensics, Ethical Hacking, Intro to PowerShell as well as a course on Advanced Mobile, WiFi and Network Hacking.

EH-Net has worked it out with the organizers of ShowMeCon 2014 to offer 3 Free Training Seats worth up to $6000 to top contributors. As we’ve done in the past, all you have to do is start posting in our Community Forums , spread the word on Twitter, join our LinkedIn Group… get involved. Suggest helpful hints, help a newbie, offer great career advice… anything you can think to share with the community is a chance to win. Participation will be tracked and the winners announced on April 4. Each of 3 winners will get their pick of one course offered at the event as well as entrance into the con for a great week of hacking education. More details after the break. Good luck!!

Late last year, EH-Net and eLearnSecurity threw out a little challenge to our readers as a way to make a gentle introduction to the topic of reverse engineering and also to announce eLS’s new course, Advanced Reverse Engineering Software (ARES). Below you will find the Reverse Engineering 101 Contest Solution not only in video format by challenge and course designer Kyriakos Economou but also the full winning entry by EH-Netter, Gerardo Iglesias Galvan. Congratulations to Gerardo and be sure to keep us posted on your progress through the free course you won through EH-Net.

Thanks to everyone who played, whether you submitted a solution or not. If you couldn’t solve it, no worries. It only means that you have the passion but you miss the knowledge, and this is what eLS guarantees to offer to you. Still, if you managed to solve it, then you know that there is so much still to learn. eLS guarantees that through the ARES course, you will learn much more in order to enhance your technical skills. If you didn’t try at all, now is your chance to start learning. Watch the video and read the write-up and hopefully it will spark your interest in diving deeper into this fantastic field of ethical hacking.

In terms of training, Offensive Security is best known for their Pentesting with BackTrack/Kali (PWK) and Cracking the Perimeter (CTP) courses. While PWK and CTP have reputations for being intense, grueling courses that require months of sacrifice and dedication, the word “Advanced” is conspicuously absent from their titles. This fact alone should emphasize where Offensive Security AWE falls in relation to these other courses.

After registering for the course, the student must complete a reversing challenge to ensure he or she has a basic understanding of the foundation concepts that are required to digest the course content. The material in the course is far more advanced than the challenge, and successfully completing the challenge is no guarantee that the student is fully prepared for the course. However, if the student is unable to complete this challenge, or has extreme difficulty with it, there is a significant gap in requisite knowledge, and it is recommended to pursue the course at a later date after additional preparation. Did I mention “Advanced?”

“The Basics of Hacking and Penetration Testing, 2nd Edition, Ethical Hacking and Penetration Testing Made Easy” by Patrick Engebretson covers the essentials. The introduction should not be skipped, because, first and foremost, it conveys that the book is intended for people that are new to pentesting and the hacking scene. It also gives a generic overview of a lot of tools in the book that “might” strongly come in handy even to those not so new to the industry. Additionally, he covers what is needed to follow along in the book, which transforms this work from being just a book into more of a “hands-on” reference guide.

The title by Syngress Publishing is divided into chapters that define each part of the standard methodology that should be used in every pentest. This is important because every good security professional knows that having a methodology or plan of action is the key to making sure that the pentest is successful every time. The “methodology” is covered in the meat of the book which includes Chapters 2 through 7. Most pentesting books have a “What is Pentesting” chapter, so naturally Chapter 1 starts here. The book ends in a great way, because the author covers the most important part of a penetration testing: the report. Now that it is known that the author covers the requisite topics, let’s see how he handles the details of delivering this message.

It’s a Thursday evening, and happy hour begins in a few minutes. You’re ready to get out of the office, as quickly as possible. You’ve been working on a report, and you know you still have work to do in the morning. So you lock your machine. It’s safe enough, right? You’ve got a strong password and full disk encryption. Ophcrack or a bootable Linux distro like Kali won’t work. You’d think you’d be fine, but you’d be wrong. More and more, attackers are using blended attacks to get the good stuff, and that includes utilizing the latest in forensic techniques.

There is a single section of your computer full of unencrypted sensitive information any attacker would love to get their hands on: your active memory. The system stores all manner of valuable information in memory for easy reference. Full disk encryption mechanisms must store encryption keys within memory somewhere. The same is true for Wi-Fi encryption keys. Windows keeps the registry hives in memory, and consequently the System and SAM hives. Most clipboards are stored within memory. Many applications keep passwords within memory. The point is, memory houses much of the valuable information that the system needs at a moment’s notice. Getting to it requires using some of the same forensics techniques employed by attackers. This article helps add some of those techniques to your pentesting toolkit.

Penetration testing is a multi-staged process by which an authorized consultant tests information systems and software for security vulnerabilities, and in turn demonstrates how they can be exploited. Penetration testing has become more and more challenging as vendors, developers and administrators become more aware of the threats and vulnerabilities to their information systems and software. As such, penetration testers have to stay abreast of the cutting-edge techniques used to compromise even the most modern information systems and associated mitigations. In this light, SANS Institute has developed their most technically intense course, SANS SEC 760 Advanced Exploit Development for Penetration Testers.

SANS SEC 760 Advanced Exploit Development for Penetration Testers is a six-day course that teaches the advanced techniques that are needed to compromise modern information systems. The course description states that, “Few security professionals have the skillset to discover let alone even understand at a fundamental level why the vulnerability exists and how to write an exploit to compromise it.” Therefore, topics such as threat modeling, IDA Pro, Heap Overflows, Return Oriented Shellcode, and Binary Diffing are just a few of the topics that are covered extensively. This article provides a day-to-day review of the live, in-person course which also happens to be taught by the courseware developer himself, Stephen Sims.

Details on the new training course from eLearnSecurity is out! There’s been some buzz about the new eLS course and what it could possibly be. As the above title indicates, one of the premier online training organizations is getting into RE. If you are interested in Software Reverse Engineering, either driven by curiosity or by the dream to become a professional in this subject, then the Advanced Reverse Engineering of Software (ARES) course is just what you need to get all the theoretical and practical knowledge to start your journey into the world of RE. And it starts right here with Reverse Engineering 101.

It’s been a while since we’ve had a webcast or a hacking contest, so why not combine them into one big EH-Net Special Event? And to get your Holiday Season rolling in proper EH-Net fashion, we’re also able to offer 5% Off with Coupon Code: EH-Net-5-eLS, even before the official launch date of Nov 26. So go reserve your seat now.

So here’s what we’ve cooked up for all of you EH-Netters out there. Just like you, eLS is also driven by passion, so they prepared a small challenge for their future students. Below is an executable just begging to be broken. You’ll have until Monday Dec 9 to break it. If you do, you’ll be entered into a pool of candidates where one of you will win the entire ARES course + Certification Exam for free! Then stay tuned for a future article with a full write-up as well as a video containing an Intro to RE, the solution to the challenge and the announcement of the winner. Good Luck.

The Basics of Web Hacking: Tools and Techniques to Attack the Web by Josh Pauli was recently released by Syngress Publishing in July of 2013. Dr. Pauli’s resume includes several academic journals, but this appears to be his first published book. But, do not be dissuaded. As you might expect, this first work shows the love of an eager first-time author who has an obvious passion about the subject matter. Dr. Pauli gives a nod to other topical works in the area of web application penetration testing and offers gracious thanks to his influences in the security community.

In the introduction Dr. Pauli is quick to explain the niche that his contribution to the topic fills within the available body of knowledge. He states that the intent of this book is to provide the fundamentals of web hacking for people who have no previous knowledge of web hacking, and that this book might act as an introduction that prepares people to consume some of the more thorough and advanced books on the subject. Keep reading after the break to see if he succeeded.

Upcoming Industry Events

CarolinaCon 11 The Last CarolinaCon As We Know It More info coming soon. CarolinaCon is an annual conference in North Carolina that is dedicated to sharing knowledge about technology, security and information rights. CarolinaCon also[...]

InfoSec World 2015 The MISTI team is excited to bring you a lineup of conference sessions, workshops and summits that address the most pressing matters in information security today. With a selection of our top-rated[...]

RSA Conference 2015 – USA Same time, same place, same humongous crowds! RSA Conference 2015 is not specifically focused on hacking, pentesting and the like, but it is the largest general information security event and[...]

THOTCON 0x6 THOTCON (pronounced \ˈthȯt\ and taken from THree – One – Two) is a small venue hacking conference based in Chicago IL, USA. This is a non-profit, non-commercial event looking to provide the best[...]

BSides Chicago 2015 Each BSides is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation beyond the traditional confines of space and[...]

CEIC 2015 It’s no exaggeration to say that CEIC (Computer and Enterprise Investigations Conference) is the biggest digital-investigations conference of its kind and the only one to offer hands-on lab sessions and training for practical skills[...]

OWASP AppSecEU 2015 The BeNeLux chapters will host the OWASP AppSec Europe Research 2015 global conference in Amsterdam, The Netherlands from May 19-22. Amsterdam is the capital of the Netherlands and the largest city of[...]

ShowMeCon 2015 St. Louis’ Hacking & Cyber Security Con ShowMeCon. The name says it all. Known as the Show Me State, Missouri is home to St. Louis-based ethical hacking firm, Parameter Security, and security training[...]